A user accessing an on-line resource is typically required to authenticate their identity by entering log-in credentials, typically consisting of a user credential, such as a username, and an associated password. The on-line resource compares the credentials with its records and, if there is a match, authenticates the user to allow access to the on-line resource.
In practice, this requires the user to either remember different sets of credentials, one set associated with each on-line resource, re-use log-in credentials for multiple on-line resources or record the credentials and associated on-line resource identifying information in a safe location.
Current methods of improving this process typically relate to a web browser of a computing device remembering a history of the user and auto-populating the authentication fields when prompted by an on-line resource. This approach suffers from a lack of security in that the computing device, which is accessible on a network, is storing the authentication where it could be accessed by an attacker if the security of the computing device were breached.
Another disadvantage of this approach is that a user still has to remember their credentials when using a different computing device that lacks the history, or if the history of the device has been cleared. This may require retrieving information from each on-line resource via an email account, or some other means where a user has forgotten their credentials. Since the browser is auto-populating the log-in fields, it is more likely that a user will forget their credentials.
Another disadvantage of this method is that it encourages users to maintain a static set of credentials and to use simple user credentials and associated passwords to assist their memory.
There is a need for a system, devices and method for avoiding limitations in the prior art.